Security Audit
jnMetaCode/superpowers-zh:skills/systematic-debugging
github.com/jnMetaCode/superpowers-zhTrust Assessment
jnMetaCode/superpowers-zh:skills/systematic-debugging received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Command Injection in `find` command via `TEST_PATTERN`, Command Injection in `ls` command via `POLLUTION_CHECK`, Secondary Command Injection in `npm test` via `TEST_FILE`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on March 25, 2026 (commit 03baa780). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection in `find` command via `TEST_PATTERN` The `TEST_PATTERN` variable, derived directly from user input `$2`, is used in the `find . -path "$TEST_PATTERN"` command. An attacker can inject arbitrary shell commands using command substitution (e.g., `$(...)`) or by injecting `find`-specific predicates like `-exec` to execute commands. For example, setting `TEST_PATTERN` to `*.ts -exec rm -rf / \;` could lead to arbitrary file deletion or other malicious command execution. Sanitize `TEST_PATTERN` to ensure it only contains valid glob characters or use a safer method to find files that doesn't involve direct shell interpretation of the pattern. If `TEST_PATTERN` is only expected to be a simple glob, validate it strictly. Consider using `find . -name "$(basename "$TEST_PATTERN")"` if only filename matching is needed, or escape special characters in the pattern. | LLM | find-polluter.sh:23 | |
| HIGH | Command Injection in `ls` command via `POLLUTION_CHECK` The `POLLUTION_CHECK` variable, derived directly from user input `$1`, is used in `ls -la "$POLLUTION_CHECK"`. An attacker can inject arbitrary shell commands using command substitution (e.g., `$(...)`). For example, setting `POLLUTION_CHECK` to `foo$(rm -rf /)` would execute `rm -rf /` before `ls` is called, potentially leading to arbitrary command execution. Sanitize `POLLUTION_CHECK` to ensure it only contains valid file path characters. Avoid using user-supplied input directly in commands where command substitution or other shell features can be exploited. If the intent is to check for a literal file or directory name, ensure the input is properly escaped or validated. | LLM | find-polluter.sh:40 | |
| MEDIUM | Secondary Command Injection in `npm test` via `TEST_FILE` The `TEST_FILE` variable, which is populated by the output of the potentially vulnerable `find` command (as identified in the first finding), is then used in `npm test "$TEST_FILE"`. If an attacker successfully injects the `find` command to output a malicious string (e.g., a filename containing shell metacharacters or a command), this malicious string will be executed by `npm test`. This is a secondary injection point dependent on the successful exploitation of the `find` command injection. Address the primary command injection vulnerability in the `find` command. Additionally, ensure that `TEST_FILE` is validated to be a legitimate and safe file path before being passed to `npm test`. | LLM | find-polluter.sh:31 |
Scan History
Embed Code
[](https://skillshield.io/report/884dd577d1d2b8a5)
Powered by SkillShield